I think there may be a compromise solution here...

In short: it is good to make people log in as a normal user before trying
to log in as root, because that way an attacker needs to compromise a
normal user before starting on root.  The standard way of doing this is
to use "su", but that only accepts passwords, not (more secure)
keypairs.

On our system, we run two ssh processes - one on the external interface
which does not accept root logins, and one on the internal interface
which does (keypairs only).  A remote user wanting to log in as root
must first log in as a normal user, forwarding a connection to the local
SSH port, then log in using the key stored on their own machine.

As far as I can tell, this is the best of both worlds (although it does
take some setting up!)

        - Andrew Sayers
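
One way to check the two-daemon setup described above, as an added example that is not part of the original post. It assumes the internal daemon is bound to loopback on port 2222, uses constructed sample configs with a documentation address, and the function names are hypothetical:

```python
import ipaddress

# Constructed samples; the addresses and port 2222 are assumptions.
EXTERNAL = """\
ListenAddress 203.0.113.10:22
PermitRootLogin no
"""
INTERNAL = """\
ListenAddress 127.0.0.1:2222
PermitRootLogin prohibit-password
PasswordAuthentication no
"""

def parse(text):
    """Global options as {keyword: [values]}; stops at the first Match block."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break  # conditional overrides are not evaluated by this check
        opts.setdefault(key, []).append(value)
    return opts

def first(opts, key):
    # sshd uses the first value it reads for a keyword; later ones are ignored.
    return opts.get(key, [None])[0]

def is_loopback(listen):
    """Accepts host, host:port and [v6]:port forms of ListenAddress."""
    host = listen[1:].split("]")[0] if listen.startswith("[") else listen
    if not listen.startswith("[") and host.count(":") == 1:
        host = host.split(":")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames are not resolved here; treat as unverified

def audit(external, internal):
    ext, inn = parse(external), parse(internal)
    problems = []
    if first(ext, "permitrootlogin") != "no":
        problems.append("external: PermitRootLogin must be set to no")
    addrs = inn.get("listenaddress", [])
    if not addrs or not all(is_loopback(a) for a in addrs):
        problems.append("internal: every ListenAddress must be loopback")
    if first(inn, "permitrootlogin") not in ("prohibit-password", "without-password"):
        problems.append("internal: root must be limited to key authentication")
    if first(inn, "passwordauthentication") != "no":
        problems.append("internal: PasswordAuthentication must be set to no")
    return problems
```

An empty list from `audit(EXTERNAL, INTERNAL)` means both daemons match the policy; a `Match` block in either file needs a manual review because the check stops there.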
